Graduate course on Computer Security
December 3-7, 2001
Dipartimento di Matematica e Informatica
Università degli Studi di Udine
Udine, Italy
Syllabus
PowerPoint slides are available for each lecture. They can be accessed by
clicking on the lecture title.
3 December 2001
Introduction
Lecture 1: Information Assurance
- Unintended behaviors
- Errors and attacks
- Policies, mechanisms and assurance
- Access control
- Discretionary
- Mandatory
- Role-based
- Information flow
- Covert channels
- Steganography
- Securing execution
- Safe programs
- Mobile code
Lecture 2: Shared-Key Cryptography
- Goals of cryptography
- History
- Symmetric ciphers
- Attack models
- Block ciphers
- Stream ciphers
- Data Encryption Standard (DES)
- 3DES, DESX
- Advanced Encryption Standard (AES)
- What is a secure cipher?
4 December 2001
Lecture 3: Public-Key Cryptography
- The problem of key distribution
- Elements of number theory
- Public-key encryption
- Diffie-Hellman key exchange
- El Gamal encryption
- RSA
- Hash functions
- Digital signatures
- Public-key infrastructures
- New trends in Cryptography
Lecture 4: Authentication Protocols
- Authentication protocols
- Challenge-response
- Key generation
- Key distribution
- Subprotocols
- Attacks
- Man-in-the-middle
- Type flaw
- Parallel session
- Binding
- Encapsulation
- Implementation-dependent
- Design principles
- "Prudent Engineering Practice"
- Fail-stop protocols
5 December 2001
Lecture 5: Case Study I: Kerberos V *
- Objectives
- User view
- Inside Kerberos V
- Message flow
- Message format
- Options
Lecture 6: Case Study II: WEP
- The 802.11 wireless communication standard
- WEP: Wired Equivalent Privacy
- Architecture
- Security goals
- Attacks
  - on confidentiality
  - on authentication
  - on integrity
- Proposed remedies
- Lessons learned
6 December 2001
Lecture 7: Specification Languages *
- Evaluation criteria
- Taxonomy
- "Usual notation"
- Belief logics
- Process calculi
- Inductive methods
- Automata theory
- MSR
Lecture 8: Intruder Models *
- What is an attack?
- Intruders
- Real
- Polynomial
- Dolev-Yao
- Completeness of the Dolev-Yao intr.
- Type-Flaw attacks
7 December 2001
Lecture 9: Automated Verification *
- Complexity of protocol verification
- Techniques and tools
- Model checking
- Theorem proving
- Process equivalence
- Belief logics
Lecture 10: Beyond Authentication *
- Zero-knowledge proofs
- Fair exchange
- Anonymity
- Privacy
- Group protocols
- ...
*: The slides for this lecture are under construction.
Last modified: Wed Nov 21, 01